System and method for separation of software purchase from fulfillment

ABSTRACT

A system, method, and computer-readable medium are disclosed for separating the purchase of digital assets from their fulfillment. Information associated with the purchase of a system and digital assets to be processed by the system is received, including the system&#39;s unique system identifier. The unique system identifier is associated with the digital assets to generate digital assets entitlement data. A personalization agent installed on the system determines the system&#39;s unique system identifier and automatically downloads the purchased digital assets and their associated digital assets entitlement data. Once downloaded, the personalization agent uses the digital assets entitlement data to install the purchased digital assets on the system, thereby entitling the system to process the installed digital assets.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to the management of information handling systems. More specifically, embodiments of the invention provide a system, method, and computer-readable medium for separating the purchase of digital assets from their fulfillment.

2. Description of the Related Art

As the value and use of information continues to increase, individuals and businesses seek additional ways to process and store information. One option available to users is information handling systems. An information handling system generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes thereby allowing users to take advantage of the value of the information. Because technology and information handling needs and requirements vary between different users or applications, information handling systems may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated. The variations in information handling systems allow for information handling systems to be general or configured for a specific user or specific use such as financial transaction processing, airline reservations, enterprise data storage, or global communications. In addition, information handling systems may include a variety of hardware and software components that may be configured to process, store, and communicate information and may include one or more computer systems, data storage systems, and networking systems.

In recent years, it has become common for manufacturers to offer standardized configurations of these systems bundled with an operating system (OS) and a selection of software applications, digital content, and associated services. Some of these same manufacturers also offer purchasers the ability to order a system custom-configured to their specification. These custom-configured systems, which are often ordered on-line, allow the purchaser to select the OS of their choice along with a selection of software and other digital assets to meet their individual needs. In some cases, the manufacturer may preinstall the OS and the selected digital assets on the system prior to delivery. In addition, the system may be further personalized (e.g., desktop themes and colors, etc.) as a service to the customer.

However, such options and services are generally not available in a retail environment, where the purchased system is more likely to be a standard configuration and software applications and other digital assets (e.g., games, movies, etc.) are typically prepackaged. Furthermore, even large retailers may not have all of the digital assets desired by the customer, causing them to go to other retailers or on-line to complete their system purchase. Moreover, retailers typically do not have the ability to sell a digital asset at a physical point of sale and then electronically deliver the purchased asset to the purchaser at a later time. Regardless of whether the digital assets are available in physical or digital form, or from one or multiple retailers, the customer is still required to sequentially load, configure, and personalize each item, which is often time consuming, tedious, and error-prone.

As a result, both the system manufacturer and their retailer lose the opportunity to establish a mutually beneficial and enduring relationship with the customer. In view of the foregoing, there is a need for separating transactions at a system retailer's Point Of Sale, as well as those made After the Point Of Sale (APOS), for the purchase of digital assets from their fulfillment. Furthermore, there is also a need for securing a connection between on-line providers of digital assets to ensure that they are only fulfilled on the system involved in the original transaction.

SUMMARY OF THE INVENTION

A system, method, and computer-readable medium are disclosed for separating the purchase of digital assets from their fulfillment. In various embodiments, a digital assets entitlement system is implemented for managing the entitlement of a system to process digital assets. In these and other embodiments, the system comprises a unique system identifier, which in turn comprises the unique identifiers of predetermined system components.

In various embodiments, the digital assets entitlement system receives purchase information associated with the purchase of a system, including its unique system identifier, and digital assets to be processed by the system. In these and other embodiments, the purchase transaction may be performed as an on-line, physical point-of-sale (POS), or after-point-of-sale (APOS) purchase transaction. The digital assets entitlement system associates the unique system identifier with the digital assets to generate digital assets entitlement data. Once the system is purchased, an operating system is installed, followed by the installation of a personalization agent, which then determines the system's unique system identifier.

The personalization agent then automatically establishes a connection to the digital assets entitlement system. Once connected, the personalization agent downloads the purchased digital assets, and their associated digital assets entitlement data, to the system. In various embodiments, the digital assets, and their associated digital assets entitlement data, may be downloaded from a single server, or a plurality of servers, on a network. Once downloaded, the personalization agent uses the digital assets entitlement data to install the purchased digital assets on the system, thereby entitling the system to process the installed digital assets.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention may be better understood, and its numerous objects, features and advantages made apparent to those skilled in the art by referencing the accompanying drawings. The use of the same reference number throughout the several figures designates a like or similar element.

FIG. 1 is a general illustration of components of an information handling system as implemented in the system and method of the present invention;

FIG. 2 is a simplified block diagram of the operation of a digital assets entitlement system;

FIGS. 3 a-b are a simplified block diagram of a unique system identifier that remains the same when one of its associated system component identifiers has been changed;

FIGS. 4 a-b are a simplified block diagram of a unique system identifier that is changed when one of its associated system component identifiers has been changed;

FIG. 5 is a simplified block diagram of an encrypted unique system identifier generated from a set of system component identifiers;

FIG. 6 is a simplified block diagram of a unique system identifier decrypted from an encrypted unique system identifier;

FIGS. 7 a-b are a generalized flow chart of the performance of digital asset entitlement operations; and

FIG. 8 is a generalized flow chart of the performance of digital assets entitlement and system personalization operations in physical and on-line environments.

DETAILED DESCRIPTION

A system, method, and computer-readable medium are disclosed for separating the purchase of digital assets from their fulfillment. For purposes of this disclosure, an information handling system may include any instrumentality or aggregate of instrumentalities operable to compute, classify, process, transmit, receive, retrieve, originate, switch, store, display, manifest, detect, record, reproduce, handle, or utilize any form of information, intelligence, or data for business, scientific, control, or other purposes. For example, an information handling system may be a personal computer, a network storage device, or any other suitable device and may vary in size, shape, performance, functionality, and price. The information handling system may include random access memory (RAM), one or more processing resources such as a central processing unit (CPU) or hardware or software control logic, ROM, and/or other types of nonvolatile memory. Additional components of the information handling system may include one or more disk drives, one or more network ports for communicating with external devices as well as various input and output (I/O) devices, such as a keyboard, a mouse, and a video display. The information handling system may also include one or more buses operable to transmit communications between the various hardware components.

FIG. 1 is a generalized illustration of an information handling system 100 that can be used to implement the method and system of the present invention. The information handling system 100 includes a processor (e.g., central processor unit or “CPU”) 102, input/output (I/O) devices 104, such as a display, a keyboard, a mouse, and associated controllers, a hard drive or disk storage 106, various other subsystems, such as a storage interface 108, a network port 110, and a system memory 112, all interconnected via one or more buses 114.

FIG. 2 is a simplified block diagram of the operation of a digital assets entitlement system. In various embodiments, a digital assets entitlement system 218 is implemented for managing the entitlement of a system 204 to process a digital asset 246. In these and other embodiments, the digital assets entitlement system 218 may be implemented on one or more servers 210, which are connected to a network 252. In various embodiments, the network 252 may comprise a public network, such as the Internet, a physical private network, a virtual private network (VPN), or any combination thereof. As shown in FIG. 2, the digital assets entitlement system 218 comprises a user service and support module 220, a digital fulfillment module 222, and a system identification and security module 224. The digital assets entitlement system 218 likewise comprises a personalization module 226, an entitlement module 228, a sales integration module 230, and a manufacturing integration module 232. Likewise, the digital assets entitlement system 218 is able to access a digital assets data repository 212, an entitlement data repository 214, and a system identifier (ID) data repository 216, each of which may be implemented on one or more servers 210 connected to a network 252.

As used herein, a digital asset 246 refers to any digital asset such as a software application, a deliverable or performable service, music, video, software activation key, personalization instructions, files, etc. that are digitally deliverable either wholly or partially. As likewise used herein, a digital assets entitlement refers to the association of a predetermined digital asset 246 with a target system 204. In various embodiments, an entitlement record contains the digital assets entitlement data (e.g., license information, etc.) that allows the digital asset 246 to be processed by a target system 204 identified by a corresponding unique system identifier 206. In these and other embodiments, the entitlement record is processed by the entitlement module 228 and stored in the entitlement data repository 214. Likewise, as used herein, a system 204 may comprise a personal computer, a laptop computer, or a tablet computer operable to establish an on-line session with the digital assets entitlement system 218 over a connection to network 252. The system 204 may also comprise a personal digital assistant (PDA), a mobile telephone, or any other suitable device operable to store a unique system ID 206, perform digital asset entitlement operations with a personalization agent, and likewise operable to establish a connection with network 252.

In this embodiment, digital assets entitlement and system personalization operations are performed by a user, such as a system purchaser 202, in either a physical environment or an on-line environment. As an example, a physical environment may comprise a retailer 240 operating a physical point-of-sale (POS) system 242. As another example, an on-line environment may comprise a system manufacturer 234, after-point-of-sale (APOS) vendor 236, or digital assets vendor 238, that respectively accepts on-line orders for systems or digital assets over a connection to network 252.

If the digital assets entitlement and system personalization operations are performed in an on-line environment, then the system purchaser 202 decides whether to purchase a custom-configured or pre-configured system 204. If the system 204 is to be pre-configured, then it is selected for on-line purchase by the system purchaser 202 and its unique identifier 206 is determined. In one embodiment, the unique system identifier 206 is stored in the BIOS of the pre-configured system 204. However, if the system 204 is to be custom-configured, then it is custom-configured for on-line purchase by the system purchaser 202. Once manufactured by the system manufacturer 234, a unique system identifier is generated as described in greater detail herein.

In various embodiments, the manufacturing integration module 232 coordinates the custom configuration of the system 204 with the digital assets entitlement system 218. Likewise, the system identification and security module 224 coordinates the generation of the unique system identifier 204 and its storage in the repository of system identifier data 216. The system purchaser then selects a digital asset 246 for on-line purchase, followed by selecting personalization options for the pre-configured or custom-configured system. In various embodiments, the personalization module 226 coordinates the selection of personalization options with the digital assets entitlement system 218. As used herein a system personalization option refers to any feature, capability, or function that may be applied to a target system. As an example, a personal computer desktop wallpaper or user interface options (e.g., a “classic” interface) are personalization options.

However, if the digital assets entitlement and system personalization operations are performed in a physical environment, then the system purchaser 202 selects a pre-configured system 204 and physical representations of digital assets 246 to be purchased. In various embodiments, the digital asset 246 is physically represented as images and text on a card or a package, yet the digital assets themselves are not contained within the card or package. The system purchaser 202 then selects system personalization options for the pre-configured system. In various embodiments, the system personalization options are likewise physically represented as images and text on a card or a package.

The digital assets product identifier (ID) is then scanned with a scanner 244 from its corresponding physical representation, followed by scanning its corresponding digital assets activation key or other entitlement data. In various embodiments, it is not necessary to scan the digital assets activation key or other entitlement data as it is provided by the digital assets entitlement system 218 during digital asset entitlement operations described in greater detail herein. Data related to the previously selected personalization options are then likewise scanned, followed by determining the unique system identifier 206 of the pre-configured system 204. In various embodiments, the digital assets product ID, its associated activation key or entitlement data, the personalization option data, and the unique system identifier are represented by a bar code 248 or other indicia on a card or physical package. In various other embodiments, the digital assets product ID, its associated activation key or entitlement data, the personalization option data, and the unique system identifier is contained in a radio frequency identifier (RFID) 250 tag affixed to the physical representation of the digital asset. Those of skill in the art will realize that many such embodiments are possible and that the foregoing is not intended to limit the spirit, scope, or intent of the invention.

A purchase transaction for the custom-configured or pre-configured system 204 and any associated digital assets 246 and personalization options is then completed. In various embodiments, the processing of the purchase transaction is performed by the sales integration module 230. In these and other embodiments, the financial proceeds of the purchase transaction may be settled between multiple parties. For example, a system manufacturer 234 may receive a portion of the purchase transaction corresponding to the cost of the system 204. One or more digital assets vendors 238 may likewise receive a proportionate share of the purchase transaction corresponding to the digital asset 246 they respectively provide.

Digital asset entitlement operations, as described in greater detail herein, are then performed by the digital assets entitlement system 218 to bind the digital asset 246, the personalization options, and their respective digital assets entitlement data to the unique system identifier 206 of the target system 204. The resulting bound data, including data associated with the digital assets (e.g., installation files, etc.) is then stored in the repository of entitlement data 214 and the purchased system 204 is then delivered to the system purchaser 202. In various embodiments, the entitlement module 228 generates, and then processes, the digital assets entitlement data and the user service and support module 220 coordinates the delivery of the system 204 to the system purchaser 202.

Standard operating system (OS) out-of-the-box-experience (OOBE) or hypervisor boot operations are performed on the system 204, followed by loading a personalization agent 208. In various embodiments, the personalization agent 208 has a unique identifier that is associated with one or more unique system component identifiers. In one embodiment, the unique identifier of the personalization agent is uniquely associated with the current unique system identifier 206 associated with the system 204. In another embodiment, a portion of the personalization agent 208 is delivered to the system 204 in an encrypted form and is then decrypted prior to being loaded on the system 204. In this embodiment, the primary system identifier (e.g., service tag number, serial number, etc.), is used as a decryption key to decrypt the personalization agent 208.

In various other embodiments, secondary system identifiers are stored on the system 204 (e.g., in the BIOS, in Flash memory, on a hard disk, etc.) as well as in the digital assets entitlement system 218. In these and other embodiments, the digital assets entitlement system 218 uses the secondary system identifiers to encrypt a portion of the personalization agent 208 before it is downloaded to the system 204. Once downloaded, the unencrypted portion of the personalization agent 208 uses the secondary system identifiers stored on the system 204 to decrypt the encrypted portion of the personalization agent 208. In one embodiment, the secondary system identifiers are likewise encrypted and are first decrypted before they are used to decrypt the encrypted portion of the personalization agent 208. In another embodiment, the secondary system identifiers are stored in a Trusted Platform Module (TPM). Skilled practitioners of the art will recognize that many such embodiments are possible and the foregoing is not intended to limit the spirit, scope, or intent of the invention.

The personalization agent 208 queries the target system for its unique system identifier 206. In various embodiments, the unique system identifier 206 associated with the system 204 is stored in the target system's BIOS, flash memory, a hard disk, or other memory device. The personalization agent 208 then automatically establishes a connection with the digital assets entitlement system 218 and uses the unique system identifier 206 to authenticate the system 204. The unique system identifier 206 is then used by the personalization agent 208 to determine entitled digital assets and personalization options corresponding to the unique system identifier 206.

Once determined, the corresponding personalization options and digital assets 246, along with their associated digital assets entitlement data, are respectively downloaded to the target system 204 from the repository of digital assets 212 and the repository of entitlement data 214. In one embodiment, the personalization options and digital assets, along with their associated digital assets entitlement data, are downloaded from a single server 210 on the network 252. In another embodiment, the personalization options and digital assets are downloaded from one or more servers 210 on the network 252. In yet another embodiment, the personalization options, digital assets, and associated digital assets entitlement data are respectively downloaded from a plurality of servers 210 on a network 252. As an example, a first digital asset 246 may be provided by the system manufacturer 234 and a second digital asset 246 may be provided by a digital assets vendor 238. Likewise, a plurality of digital assets 246 may be provided by a corresponding plurality of digital assets vendors 238. Skilled practitioners of the art will realize that many such embodiments and examples are possible and the foregoing is not intended to limit the spirit, scope, or intent of the invention.

In various embodiments, the digital assets entitlement system 218 manages the respective location of the personalization options, digital assets, and associated digital assets entitlement data to initiate its provision. Once downloaded, the personalization agent 208 uses the digital assets entitlement data to install the digital assets 246 and personalization options on the system 204. Thereafter, the system purchaser 202 may decide to perform an after-point-of-sale (APOS) purchase of digital asset 246. As used herein, an APOS purchase of digital assets refers to any purchase of a digital asset 246 made after the initial on-line or physical purchase of the system 204. In various embodiments, the APOS purchase of a digital asset 246 may be performed in a physical, on-line, or enterprise point-of-sale environment. If the APOS purchase is performed in an on-line environment, such as from APOS vendor 236, then the system purchaser 202 selects a digital asset 246 for on-line purchase. The personalization agent 208 then determines the unique system identifier 206 of the system 204. An APOS purchase transaction is then performed for purchase of the selected digital asset 246. However, if the APOS purchase is performed in a physical environment, then the purchaser selects a physical representation of a digital asset 246 to be purchased. The digital assets product identifier (ID) is then scanned from its corresponding physical representation, followed by scanning its corresponding digital assets activation key or other entitlement data.

Digital asset entitlement operations, as described in greater detail herein, are then performed by the digital assets entitlement system 218 to bind the digital asset 246 and their respective digital assets entitlement data associated with the APOS purchase to the unique system identifier 206 of the target system 204. The resulting bound data, including data associated with the digital assets (e.g., installation files, etc.) is then stored, as described in greater detail herein, in the digital assets entitlement system 218. The personalization agent 208, as likewise described in greater detail herein, then automatically establishes a connection with the digital assets entitlement system 218, downloads the purchased digital asset 246 and their associated digital assets entitlement data. Once downloaded, the personalization agent 208 then uses the associated digital assets entitlement data to install the downloaded digital asset 246 on the system 204.

FIGS. 3 a-b are a simplified block diagram of a unique system identifier that remains the same when one of its associated system component identifiers has been changed in accordance with an embodiment of the invention. As shown in FIG. 3 a, an original unique system identifier 320 is generated from a plurality of unique system component identifiers 302, which correspond to a plurality of system components contained in a target system. As likewise shown in FIG. 3 a, the unique system component identifiers 302 comprise a Model Number 304 SA310J43, a Serial Number 306, sometimes referred to as a service tag number or a primary system identifier, ‘SEM5239923875’, a Factory ID 308 ‘AUS’, and a Manufacture Date 310 ‘111909’. The unique system component identifiers 302 likewise comprise an Original Motherboard ID 314 ‘19374WS238017BH’, a Processor ID 316 ‘92348430-432919237’, a Hard Drive ID 318 ‘183747HJ3672’, etc.

As described in greater detail herein, once generated, the original unique system identifier 320 is associated, such as through a binding operation, with predetermined digital assets 332 to generate a digital assets entitlement 330. As likewise described in greater detail herein, the digital assets entitlement 330 entitles a target system, which is associated with the original unique system identifier 320, to process the digital assets 332. However, it is not uncommon for system components to be replaced due to failure, erratic performance, becoming outmoded, or for other reasons. It will be appreciated that the entitlement 330 between the original unique system identifier 320 and the digital assets 332 may be compromised as a result of such a replacement. For example, as illustrated in FIG. 3 b, the Original Motherboard ID 314 ‘19374WS238017BH’ has been replaced with a New Motherboard ID 334 ‘56812FR853945PL’. However, the original unique system identifier 320 remains unchanged.

In various embodiments, extract, transform, and load (ETL) and other database operations are performed to manage the integrity of the relationship between the original unique system identifier 320 and the plurality of unique system component identifiers 302. As an example, the Original Motherboard ID 314 ‘19374WS238017BH’ may remain as a subset of the original unique system identifier 320, even though it may have been deactivated or invalidated as a unique system component identifier 302. However, in these and other embodiments, relational database operations known to those of skill in the art may be applied to maintain the relationship between the original unique system identifier 320, the New Original Motherboard ID 334 ‘56812FR853945PL’, and the unchanged unique system component identifiers 302. Accordingly, the integrity of the entitlement 330 between the original unique system identifier 320 and the digital assets 332 is perpetuated. It will be apparent to skilled practitioners of the art that many such embodiments are possible and the foregoing is not intended to limit the spirit, scope, or intent of the invention.

FIGS. 4 a-b are a simplified block diagram of a unique system identifier that is changed when one of its associated system component identifiers has been changed in accordance with an embodiment of the invention. As shown in FIG. 4 a, an original unique system identifier 320 is generated from a plurality of unique system component identifiers 302, which correspond to a plurality of system components contained in a target system. As likewise shown in FIG. 3 a, the unique system component identifiers 302 comprise a Model Number 304 SA310J43, a Serial Number 306, sometimes referred to as a service tag number or a primary system identifier, ‘SEM5239923875’, a Factory ID 308 ‘AUS’, and a Manufacture Date 310 ‘111909’. The unique system component identifiers 302 likewise comprise an Original Motherboard ID 314 ‘19374WS238017BH’, a Processor ID 316 ‘92348430-432919237’, a Hard Drive ID 318 ‘L83747HJ3672’, etc.

As described in greater detail herein, once generated, the original unique system identifier 320 is associated, such as through a binding operation, with predetermined digital assets 332 to generate a digital assets entitlement 330. As likewise described in greater detail herein, the digital assets entitlement 330 entitles a target system, which is associated with the original unique system identifier 320, to process the digital assets 332. However, it is not uncommon for system components to be replaced due to failure, erratic performance, becoming outmoded, or for other reasons. It will be appreciated that the entitlement 330 between the original unique system identifier 320 and the digital assets 332 may be compromised as a result of such a replacement. For example, as illustrated in FIG. 4 b, the Original Motherboard ID 314 ‘19374WS238017BH’ has been replaced with a New Motherboard ID 334 ‘56812FR853945PL’. As a result, a new unique system identifier 420 is generated, which is a concatenation of the plurality of unique system component identifiers 402, including the New Original Motherboard ID 334 ‘56812FR853945PL’ as a subset.

In various embodiments, a first set of operations are performed to remove the entitlement 330 between the original unique system identifier 320 and digital assets 332. A second set of operations are then performed to associate the new unique system identifier 420 with the digital assets 332 to generate a new entitlement 430. In these and other embodiments, the original unique system identifier 320 is then invalidated. Accordingly, the integrity of the original entitlement 330 between the original unique system identifier 320 and the digital assets 332 is perpetuated by the new entitlement 430 between the new unique system identifier 420 and the digital assets 332. Skilled practitioners of the art will recognize that many such embodiments are possible and the foregoing is not intended to limit the spirit, scope, or intent of the invention.

FIG. 5 is a simplified block diagram of an encrypted unique system identifier generated from a set of system component identifiers in accordance with an embodiment of the invention. In this embodiment, a source unique system identifier 520 is generated from a plurality of original unique system component identifiers 502, which correspond to a plurality of system components contained in a target system. As shown in FIG. 5, the original unique system component identifiers 502 comprise a Model Number 304 SA310J43, a Serial Number 306, sometimes referred to as a service tag number or a primary system identifier, ‘SEM5239923875’, a Factory ID 308 ‘AUS’, a Timestamp Date 510 ‘111909’, and a Timestamp Time 512 ‘14:27:26:34’. The original unique system component identifiers 502 likewise comprise an Original Motherboard ID 314 ‘19374WS238017BH’, a Processor ID 316 ‘92348430-432919237’, a Hard Drive ID 318 ‘L83747HJ3672’, etc.

An encryption operation 524 is then performed on the source unique system identifier 520 to generate an original encrypted unique system identifier 528. In various embodiments, the encryption operation may comprise the use of a private key, a public key, key pairs, or any combination of keys and cryptographic operations such as implemented in a public key infrastructure (PKI). As an example, the original encrypted unique system identifier 528 may be generated using a private key associated with the manufacturer of the system and a public key associated with the system itself. In one embodiment, the Timestamp Date 510 ‘111909’ and the Timestamp Time 512 ‘14:27:26:34’ are likewise used to generate the encrypted unique system identifier 528. Skilled practitioners of the art will be familiar with such cryptographic operations and recognize that many such embodiments are possible and that the foregoing is not intended to limit the spirit, scope, or intent of the invention.

As described in greater detail herein, once generated, the original encrypted unique system identifier 528 is associated, such as through a binding operation, with predetermined digital assets 332 to generate a digital assets entitlement 530. As likewise described in greater detail herein, the digital assets entitlement 530 entitles a target system, which is associated with the original encrypted unique system identifier 528, to process the digital assets 332.

FIG. 6 is a simplified block diagram of a unique system identifier decrypted from an encrypted unique system identifier in accordance with an embodiment of the invention. It is not uncommon for system components to be replaced due to failure, erratic performance, becoming outmoded, or for other reasons. However, the replaced system component will typically have a different unique system component identifier. As a result, the entitlement association between a unique system identifier and predetermined digital assets may be compromised as a result of such a replacement, which in turn may prevent the target system from processing the digital assets.

In various embodiments, the unique system component identifier of the replacement system component is unknown until it is replaced in the target system. In these and other embodiments, the system component is replaced in the target system, the target system is then initiated (e.g., booted), and an inventory of unique system component identifiers is performed. In one embodiment, one or more unique system component identifiers, such as a serial number or service tag, are visible and may be visually inventoried. In another embodiment, one or more unique system component identifiers, such as a motherboard, processor, or hard drive serial number, are not visible and may be automatically inventoried.

As shown in FIG. 6, a new source unique system identifier 650 is generated from the inventoried unique system component identifiers. In one embodiment, a time stamp date and a time stamp time are components of the new source unique system identifier 650. In this embodiment, the time stamp date and a time stamp time are used to validate the authenticity of the new source unique system identifier 650. As an example, the provider of the replacement part may have stipulated that the replacement part be replaced on Nov. 12, 2009, between 8:00 AM and 6:00 PM. Accordingly, a time state date of Nov. 12, 2009 and a time stamp time of 16:33:42:05 would provide validation that the replacement part was replaced within the specified date and time interval.

An encryption operation 652 is then performed on the new source unique system identifier 650 to generate a new encrypted unique system identifier 628. As an example, the encryption operation may be performed using a private key associated with the target system and a public key associated with the provider of the replacement system component. The new encrypted unique system identifier 628 is then communicated to a digital assets entitlement system, which in turn performs a decryption operation 626 to generate a decrypted unique system identifier 622.

As likewise shown in FIG. 6, extract, transform, and load (ETL) and other database operations 634 are performed on the decrypted unique system identifier 622 to generate new unique system component identifiers 602. As shown in FIG. 6, the new unique system component identifiers now comprise a Model Number 304 SA310J43, a Serial Number 306, ‘SEM5239923875’, a Factory ID 308 ‘AUS’, a Timestamp Date 610 ‘112009’, and a Timestamp Time 612 ‘16:33:42:05’. The new unique system component identifiers 602 likewise comprise a New Motherboard ID 314 ‘56812FR853945PL’, a Processor ID 316 ‘92348430-432919237’, a Hard Drive ID 318 ‘L83747HJ3672’, etc. In one embodiment, the Timestamp Date 610 and the Timestamp Time 612 are compared to previously authorized timestamp date and timestamp times to validate the authenticity of the new unique system component identifiers 602 and their corresponding decrypted unique system identifier 622. In this and other embodiments, if the decrypted unique system identifier 622 is validated, then a first set of operations are performed to remove the entitlement between the original encrypted unique system identifier and digital assets 332. A second set of operations are then performed to associate the new encrypted unique system identifier 628 with the digital assets 332 to generate a new entitlement 630. Accordingly, the integrity of the original entitlement between the original encrypted unique system identifier and the digital assets 332 is perpetuated by the new entitlement 630 between the new encrypted unique system identifier 628 and the digital assets 332.

In various other embodiments, the provider of the replacement system component is able to determine its associated unique system component identifier. In one embodiment, the unique system component identifier is known in advance. In another embodiment, the unique system component identifier may be one of a pool of, or a range of, possible unique system component identifiers set aside for replacement purposes. As described in greater detail herein, a new source unique identifier is generated, using the unique system component identifier of the component to be replaced. Once the new source unique identifier is generated the unique system component identifier of the replaced system component is invalidated. In these and other embodiments, the system component is replaced in the target system, the target system is then initiated (e.g., booted), and an inventory of unique system component identifiers is performed. In one embodiment, one or more unique system component identifiers, such as a serial number or service tag, are visible and may be visually inventoried. In another embodiment, one or more unique system component identifiers, such as a motherboard, processor, or hard drive serial number, are not visible and may be automatically inventoried.

As shown in FIG. 6, a new source unique system identifier 650 is generated from the inventoried unique system component identifiers. In one embodiment, a time stamp date and a time stamp time are components of the new source unique system identifier 650. In this embodiment, the time stamp date and a time stamp time are used to validate the authenticity of the new source unique system identifier 650. An encryption operation 652 is then performed on the new source unique system identifier 650 to generate a new encrypted unique system identifier 628. As an example, the encryption operation may be performed using a private key associated with the target system and a public key associated with the provider of the replacement system component. The new encrypted unique system identifier 628 is then communicated to a digital assets entitlement system, which in turn performs a decryption operation 626 to generate a decrypted unique system identifier 622.

Comparison operations 654 are then performed between the new source unique system identifier and the decrypted unique system identifier 622. If the comparison operations 654 are successful, then a first set of operations are performed to remove the entitlement between the original encrypted unique system identifier and digital assets 332. A second set of operations are then performed to associate the new encrypted unique system identifier 628 with the digital assets 332 to generate a new entitlement 630. Accordingly, the integrity of the original entitlement between the original encrypted unique system identifier and the digital assets 332 is perpetuated by the new entitlement 630 between the new encrypted unique system identifier 628 and the digital assets 332. Skilled practitioners of the art will recognize that many such embodiments are possible and the foregoing is not intended to limit the spirit, scope, or intent of the invention.

FIGS. 7 a-b are a generalized flow chart of the performance of digital asset entitlement operations in an embodiment of the invention, In this embodiment, digital asset entitlement operations are started in step 702, followed by the selection of a target system in step 704 for digital assets entitlement. The unique system identifier of the target system, as described in greater detail herein, is determined in step 706, followed by a determination being made in step 708 whether a device record has been established for the target system. If not, then the device record is generated in step 710. As used herein, a device record refers to a data record containing data related to a system which will receive an entitlement to process associated digital assets. In various embodiments, the unique system identifier of the target system is stored in the device record. In various embodiments, other records may be associated with the device record to further describe the system, such as its model, type, make, internal identifiers, etc.

Once the device record has been generated, or if it is determined in step 708 that it has already been established, then a determination is made in step 712 whether an account record has been established for a user. If not, then the account record is generated for a user in step 714. As used herein, an account record refers to a data record containing data related to the association of multiple devices or systems to one or more entities. In various embodiments, the entity may be a single individual or a group of individuals. As an example, the entity may be a household with multiple PCs, a small business with several employees, a large corporation with many employees, etc. Other records may be attached to the account to further describe the account holder, payment information related to the account, etc. Accounts may further be broken down or organized into sub-accounts as needed, such as to describe departments within an enterprise). In various embodiments, a user may be associated with a single device or system or multiple devices or systems in the account record. Conversely, a group of users may be associated with a single device or system or multiple devices in the account record. Further more groups of individual users may likewise be associated with groups of individual devices or systems. Those of skill in the art will recognize that many such associations are possible and the foregoing is not intended to limit the spirit, scope, or intent of the invention. Once the account record has been generated, or if it is determined in step 712 that it has already been established, then a determination is made in step 716 whether the account record is associated with the target. If not, then the account record is generated in step 718.

Once the account record has been associated with the target system, or if it is determined in step 716 that it has already been associated, then a target list of digital assets is presented in step 720 for entitlement. A determination is then made in step 722 whether to generate an entitlement for a digital asset. If not, then a determination is made in step 732 whether to continue digital asset entitlement operations. If so, then the process is continued, proceeding with step 704. Otherwise digital asset entitlement operations are ended in step 734. However, if it is determined in step 722 to generate an entitlement for a digital asset, then a target digital asset is selected in step 724. A digital assets entitlement is then generated in step 726 by performing operations to associate the selected digital asset's corresponding license record with the aforementioned device record, account record, and other predetermined records. The resulting digital assets entitlement association is then added to the entitlement record in step 728. A determination is then made in step 730 whether to generate another digital assets entitlement. If so, the process is continued, proceeding with step 724. Otherwise, a determination is made in step 732 whether to continue digital asset entitlement operations. If so, then the process is continued, proceeding with step 704. Otherwise digital asset entitlement operations are ended in step 734.

FIG. 8 is a generalized flow chart of the performance of digital assets entitlement and system personalization operations in physical and on-line environments as implemented in an embodiment of the invention. In this embodiment, digital assets entitlement and system personalization operations are begun by a system purchaser in step 802, followed by a determination being made in step 804 whether the entitlement and system personalization operations are performed in a physical environment or an on-line environment. If it is determined in step 804 that the digital assets entitlement and system personalization operations are performed in an on-line environment, then a determination is made in step 806 whether the target system is to be custom-configured or pre-configured. If it is determined in step 806 that the target system is to be a pre-configured system, then the system purchaser selects the target system for on-line purchase in step 808. The unique identifier for the selected pre-configured system is then determined in step 810. In one embodiment, the unique system identifier is stored in the BIOS of the pre-configured target system.

However, if it is determined in step 806 that the target system is to be a custom-configured system, then the system purchaser configures the target system for on-line purchase in step 812. The target system is then manufactured in step 814 according to the custom configuration selections made by the purchaser in step 812. Once manufactured, a unique system identifier is generated in step 816, as described in greater detail herein. Then, or after the unique system identifier is determined for the pre-configured system in step 810, the system purchaser selects digital assets for on-line purchase in step 818, followed by selecting personalization options for the custom-configured system in step 820.

However, if it is determined in step 804 that the entitlement and system personalization operations are to be performed in a physical environment, then the system purchaser selects a pre-configured system in step 822 to purchase. The system purchaser then selects a physical representation of digital assets to be purchased in step 824. In various embodiments, the digital assets are physically represented as images and text on a card or a package, yet the digital assets themselves are not contained within the card or package. The system purchaser then selects system personalization options for the pre-configured system in step 826. In various embodiments, the system personalization options are physically represented as images and text on a card or a package.

The digital assets product identifier (ID) is then scanned from its corresponding physical representation in step 828, followed by scanning its corresponding digital assets activation key or other entitlement data in step 830. Data related to the previously selected personalization options are then likewise scanned in step 832, followed by determining the unique system identifier of the pre-configured system in step 834. In various embodiments, the digital assets product ID, its associated activation key or entitlement data, the personalization option data, and the unique system identifier are represented by a bar code or other indicia on a card or physical package. In various other embodiments, the digital assets product ID, its associated activation key or entitlement data, the personalization option data, and the unique system identifier is contained in a radio frequency identifier (RFID) tag affixed to the physical representation of the digital asset. Those of skill in the art will realize that many such embodiments are possible and that the foregoing is not intended to limit the spirit, scope, or intent of the invention.

Once the system personalization data has been provided in step 820, or the unique system identifier has been determined in step 834, a purchase transaction for the custom-configured or pre-configured target system and any associated digital assets and personalization options is completed in step 836. Digital asset entitlement operations, as described in greater detail herein, are then performed by a digital assets entitlement system in step 838 to bind the digital assets, the personalization options, and their respective digital assets entitlement data to the unique system identifier of the target system. The resulting bound data, including data associated with the digital assets (e.g., installation files, etc.) is then stored in the digital assets entitlement system in step 840 and the custom-configured or pre-configured system is then delivered to the system purchaser in step 842.

Standard operating system (OS) out-of-the-box-experience (OOBE) or hypervisor boot operations are performed on the new target system in step 844, followed by loading a personalization agent on the target system in step 846. In various embodiments, the personalization agent has a unique identifier that is associated with one or more unique system component identifiers. In one embodiment, the unique identifier of the personalization agent is uniquely associated with the current unique system identifier associated with the target system. In another embodiment, a portion of the personalization agent is delivered to the target system in an encrypted form and is then decrypted prior to being loaded on the target system. In this embodiment, the primary system identifier (e.g., service tag number, serial number, etc.), is used as a decryption key to decrypt the personalization agent.

In various other embodiments, secondary system identifiers are stored on the target system (e.g., in the BIOS, in Flash memory, on a hard disk, etc.) as well as in the digital assets entitlement system. In these and other embodiments, the digital assets entitlement system uses the secondary system identifiers to encrypt a portion of the personalization agent before it is downloaded to the target system. Once downloaded, the unencrypted portion of the personalization agent uses the secondary system identifiers stored on the target system to decrypt the encrypted portion of the personalization agent. In one embodiment, the secondary system identifiers are likewise encrypted and are first decrypted before they are used to decrypt the encrypted portion of the personalization agent. In another embodiment, the secondary system identifiers are stored in a Trusted Platform Module (TPM). Skilled practitioners of the art will recognize that many such embodiments are possible and the foregoing is not intended to limit the spirit, scope, or intent of the invention.

The personalization agent then queries the target system for its unique system identifier in step 848. In various embodiments, the unique system identifier associated with the target system is stored in the target system's BIOS, flash memory, a hard disk, or other memory device. The personalization agent then automatically establishes a connection with the digital assets entitlement system in step 850 and uses the unique system identifier to authenticate the system. Then, in step 852, the unique system identifier is used by the personalization agent to determine entitled digital assets and personalization options corresponding to the unique system identifier.

Once determined, the corresponding personalization options and digital assets, along with their associated digital assets entitlement data, are downloaded in step 854 to the target system. In one embodiment, the personalization options and digital assets, along with their associated digital assets entitlement data, are downloaded from a single server on a network. In another embodiment, the personalization options and digital assets are downloaded from one or more servers on a network. In yet another embodiment, the personalization options, digital assets, and associated digital assets entitlement data are respectively downloaded from a plurality of servers on a network. In these and other embodiments, the digital assets entitlement system manages the respective location of the personalization options, digital assets, and associated digital assets entitlement data to initiate its provision. Once downloaded, the personalization agent uses the digital assets entitlement data in step 856 to install the digital assets and personalization options on the target system.

A determination is then made in step 858 whether to perform an after-point-of-sale (APOS) purchase of digital assets. If it is determined in step 858 to not perform an APOS purchase of digital assets, then a determination is made in step 884 whether to continue digital assets entitlement and system personalization operations. If so, then the process is continued, proceeding with step 856. Otherwise, digital assets entitlement and system personalization operations are ended in step 886.

However, if it is determined in step 858 to perform an APOS purchase of digital assets, then a determination is made in step 860 whether the APOS purchase will be performed in an on-line or physical environment. If it is determined in step 860 that the APOS purchase is to be performed in an on-line environment, then the purchaser selects digital assets in step 862 to purchase on-line. The purchaser then likewise selects any personalization options to purchase on-line in step in step 864. The personalization agent then determines the unique system identifier of the target system in step 874, followed by performing an APOS purchase transaction in step 876 for the purchase of the digital assets and personalization options.

Digital asset entitlement operations, as described in greater detail herein, are then performed by the digital assets entitlement system in step 880 to bind the digital assets, the personalization options, and their respective digital assets entitlement data associated with the APOS purchase to the unique system identifier of the target system. The resulting bound data, including data associated with the digital assets (e.g., installation files, etc.) is then stored in the digital assets entitlement system in step 882. The process is then continued, proceeding with step 848.

However, if it was determined in step 860 that the APOS purchase is to be performed in a physical environment, then the purchaser selects a physical representation of digital assets to be purchased in step 866. The digital assets product identifier (ID) is then scanned from its corresponding physical representation in step 868, followed by scanning its corresponding digital assets activation key or other entitlement data in step 870. The system purchaser then selects system personalization options, which are likewise scanned in step 872. The process is then continued, proceeding with step 874.

The present invention is well adapted to attain the advantages mentioned as well as others inherent therein. While the present invention has been depicted, described, and is defined by reference to particular embodiments of the invention, such references do not imply a limitation on the invention, and no such limitation is to be inferred. The invention is capable of considerable modification, alteration, and equivalents in form and function, as will occur to those ordinarily skilled in the pertinent arts. The depicted and described embodiments are examples only, and are not exhaustive of the scope of the invention.

For example, the above-discussed embodiments include software modules that perform certain tasks. The software modules discussed herein may include script, batch, or other executable files. The software modules may be stored on a machine-readable or computer-readable storage medium such as a disk drive. Storage devices used for storing software modules in accordance with an embodiment of the invention may be magnetic floppy disks, hard disks, or optical discs such as CD-ROMs or CD-Rs, for example. A storage device used for storing firmware or hardware modules in accordance with an embodiment of the invention may also include a semiconductor-based memory, which may be permanently, removably or remotely coupled to a microprocessor/memory system. Thus, the modules may be stored within a computer system memory to configure the computer system to perform the functions of the module. Other new and various types of computer-readable storage media may be used to store the modules discussed herein. Additionally, those skilled in the art will recognize that the separation of functionality into modules is for illustrative purposes. Alternative embodiments may merge the functionality of multiple modules into a single module or may impose an alternate decomposition of functionality of modules. For example, a software module for calling sub-modules may be decomposed so that each sub-module performs its function and passes control directly to another sub-module.

Consequently, the invention is intended to be limited only by the spirit and scope of the appended claims, giving full cognizance to equivalents in all respects. 

What is claimed is:
 1. A system for managing the entitlement of digital assets, comprising: a storage medium comprising a repository of system identifier data, digital assets data, and digital assets entitlement data; and a processor, the processor being operable to: perform a purchase transaction of a digital asset, the purchase transaction of the digital asset generating digital asset purchase transaction data, the digital asset purchase transaction data comprising digital asset identifier data associated with the purchase of the digital asset; perform a purchase transaction of a target computer system, the purchase transaction of the target computer system generating target computer system purchase transaction data, the target computer system purchase transaction data comprising target computer system identifier data associated with the purchase of the target computer system; receive the digital asset purchase transaction data comprising digital asset identifier data associated with the purchase of digital asset and the target computer system purchase transaction data at a system for managing entitlement of digital assets, wherein the digital asset purchase transaction data is provided by a first provider, the first provider comprising a vendor of the digital asset; process the digital asset purchase transaction data and the target computer system purchase transaction data to generate digital assets entitlement data, the process being performed by the system for managing the entitlement of digital assets, wherein the digital asset entitlement data is associated with the target computer system identified by the target computer system identifier data and with the digital asset identified by the digital asset identifier data; provide from the system for managing the entitlement of digital assets a digital asset entitlement message to a personalization agent associated with and executing on the target computer system, wherein the digital asset entitlement message comprises the target computer system identifier data, the personalization agent querying the target computer system for the target computer system identifier data and automatically establishing communication with the system for managing the entitlement of digital assets; provide the digital asset entitlement data and the digital asset data associated with the target computer system identifier data to the personalization agent, wherein the digital assets entitlement data and the digital assets data is provided by the system for managing the entitlement of digital assets; and, perform installation operations to install the digital asset on the target computer system, wherein the personalization agent uses the digital asset entitlement data to perform the installation operation.
 2. The system of claim 1, wherein the digital asset purchase transaction data is generated by performing an on-line purchase transaction.
 3. The system of claim 1, wherein the digital asset purchase transaction data is generated by performing Point Of Sale (POS) purchase transaction.
 4. The system of claim 1, wherein the digital asset purchase transaction data is generated by performing an After Point Of Sale (APOS) purchase transaction.
 5. The system of claim 1, wherein the providing the digital assets entitlement data and the digital assets data is performed by a single provider on a network.
 6. The system of claim 1, wherein the providing the digital assets entitlement data and the digital assets data is performed by a dependently or independently by a plurality of providers on a network.
 7. A computer-implemented method for managing the entitlement of digital assets, comprising: performing a purchase transaction of a digital asset, the purchase transaction of the digital asset generating digital asset purchase transaction data, the digital asset purchase transaction data comprising digital asset identifier data associated with the purchase of the digital asset; performing a purchase transaction of a target computer system, the purchase transaction of the target computer system generating target computer system purchase transaction data, the target computer system purchase transaction data comprising target computer system identifier data associated with the purchase of the target computer system; receiving the digital asset purchase transaction data comprising digital asset identifier data associated with the purchase of digital assets and the target computer system purchase transaction data at a system for managing entitlement of digital assets, wherein the digital asset purchase transaction data is provided by a first provider, the first provider comprising a vendor of the digital asset; processing the digital asset purchase transaction data and the target computer system purchase transaction data to generate digital asset entitlement data, the processing being performed by the system for managing the entitlement of digital assets, wherein the digital asset entitlement data is associated with the target computer system identified by the target computer system identifier data and with the digital asset identified by the digital asset identifier data; providing from the system for managing the entitlement of digital assets a digital asset entitlement message to a personalization agent associated with and executing on the target computer system, the personalization agent comprising computer executable instructions, the computer executable instructions executing on the target computer system, wherein the digital asset entitlement message comprises the target computer system identifier data, the personalization agent querying the target computer system for the target computer system identifier data and automatically establishing communication with the system for managing the entitlement of digital assets; providing the digital asset entitlement data and the digital asset data associated with the target computer system identifier data to the personalization agent, wherein the digital asset entitlement data and the digital asset data is provided by the system for managing the entitlement of digital assets; and, performing installation operations to install the digital asset on the target computer system, wherein the personalization agent uses the digital asset entitlement data to perform the installation operation.
 8. The method of claim 7, wherein the digital asset purchase transaction data is generated by performing an on-line purchase transaction.
 9. The method of claim 7, wherein the digital asset purchase transaction data is generated by performing a Point Of Sale (POS) purchase transaction.
 10. The method of claim 7, wherein the digital asset purchase transaction data is generated by performing an After Point Of Sale (APOS) purchase transaction.
 11. The method of claim 7, wherein the of providing the digital asset entitlement data and the digital asset data is performed by a single server on a network.
 12. The method of claim 7, wherein the of providing the digital asset entitlement data and the digital asset data is performed by a plurality of servers on a network.
 13. A computer-usable medium embodying computer program code, the computer program code comprising computer executable instructions configured for: using a storage medium comprising a repository of system identifier data, digital assets data, and digital assets entitlement data; and using processing logic to: perform a purchase transaction of a digital asset, the purchase transaction of the digital asset generating digital asset purchase transaction data, the digital asset purchase transaction data comprising digital asset identifier data associated with the purchase of the digital asset; perform a purchase transaction of a target computer system, the purchase transaction of the target computer system generating target computer system purchase transaction data, the target computer system purchase transaction data comprising target computer system identifier data associated with the purchase of the target computer system; receive the digital asset purchase transaction data comprising digital asset identifier data associated with the purchase of digital asset and the target computer system purchase transaction data at a system for managing entitlement of digital assets, wherein the digital asset purchase transaction data is provided by a first provider, the first provider comprising a vendor of the digital asset; process the digital asset purchase transaction data and the target computer system purchase transaction data to generate digital assets entitlement data, the process being performed by the system for managing the entitlement of digital assets, wherein the digital assets entitlement data is associated with the target computer system identified by the target computer system identifier data and with the digital asset identified by the digital asset identifier data; provide from the system for managing the entitlement of digital assets a digital asset entitlement message to a personalization agent associated with and executing on the target computer system, wherein the digital assets entitlement message comprises the target computer system identifier data, the personalization agent querying the target computer system for the target computer system identifier data and automatically establishing communication with the system for managing the entitlement of digital assets; provide the digital asset entitlement data and the digital asset data associated with the target computer system identifier data to the personalization agent, wherein the digital asset entitlement data and the digital asset data is provided by the system for managing the entitlement of digital assets; and, perform installation operations to install the digital asset on the target computer system, wherein the personalization agent uses the digital asset entitlement data to perform the installation operation.
 14. The computer usable medium of claim 13, wherein the digital asset purchase transaction data is generated by performing an on-line purchase transaction.
 15. The computer usable medium of claim 13, wherein the digital asset purchase transaction data is generated by performing Point Of Sale (POS) purchase transaction.
 16. The computer usable medium of claim 13, wherein the digital asset purchase transaction data is generated by performing an After Point Of Sale (APOS) purchase transaction.
 17. The computer usable medium of claim 13, wherein the providing the digital assets entitlement data and the digital assets data is performed by a single provider on a network.
 18. The computer usable medium of claim 13, wherein the providing the digital assets entitlement data and the digital assets data is performed dependently or independently by a plurality of providers on a network. 